A vision for Gemini applications

[Koushik Roy]

On Wed, Jun 17, 2020 at 08:01:23AM -0400, Jason McBrayer wrote:
>   
>> What if, as you suggest, non-idempotent requests are required to use
>> certificates, and further, that general-purpose clients are required to
>> make cross-site requests *without a client certificate*, even if they
>> have a certificate for the target in their store?

I feel that this is too restrictive. Just offhand, things like a site 
counter are not idempotent but are quite useful. I think the server 
should be smart and gate non-trivial non-idempotent logic behind a 
certificate.


On 6/17/20 5:29 AM, solderpunk wrote:
> It just seemed to me that a client
> like that is going to be at the very least more fiddly work for
> developers to write and test, and perhaps also a bit more confusing for
> users to use, compared to either a client which just has no concept of
> client certificates, or one which does but is bound to a single domain.
> Two simple programs which each do one thing and do it well will be
> simpler and safer, and it plays well to one of our core strengths, which
> is that usable clients can be extremely lightweight so running one per
> app is very feasible.

Do you visualize separate clients per application, an 
application-optimized client, or both? Just curious about the 
destination of this vision.

- meff